All Mac Systems and iOS Devices Are Affected by Meltdown and Spectre : Apple Says

January 5, 2018

We all know that Security Researchers have discovered security vulnerabilities related to all the modern processors manufactured in the past 10 years affecting nearly all computing devices and operating systems. The researchers named these bugs as Meltdown and Spectre.

These hardware bugs break the most fundamental principle of system security allowing a program access the memory of other programs and operating systems which can include sensitive information such as passwords and personal data. According to Google’s findings, Meltdown attack works against Intel CPUs which implements out-of-order execution. It isn’t clear whether the AMD and ARM are affected. While they have verified Spectre flaw on Intel, AMD, and ARM processors. Moreover, all the cloud provider using Intel CPUs and Xen PV as virtualization and the ones without real hardware virtualization such as Docker, LXC, or OpenVZ are affected.

Regarding these hardware bugs, Apple also confirmed that nearly all of its Mac and iOS devices are affected by the Meltdown and Spectre security issues. In the company’s support page Apple said “These issues apply to all modern processors and affect nearly all computing devices and operating systems. All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time.”

The company also explained that these issues can only be exploited through a malicious app on the iOS or Mac device. Also, Apple recommended its users to download software from only “trusted sources,” such as its own App Stores.

It also mentioned that the mitigations against Meltdown have been released with its own software updates for MacOS (10.13.2), iOS (11.2), and tvOS (11.2). However, Apple watch isn’t affected by Meltdown. To help defend against Spectre,” Apple says it will release a software update soon for Safari.

The other companies such as Google and Microsoft have already released patches to mitigate these vulnerabilities.